Trust Assessment
sysadmin-toolbox received a trust score of 66/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Command Injection via unsanitized SKILL_DIR argument, Supply Chain Risk: Unpinned Git repository in refresh script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Command Injection via unsanitized SKILL_DIR argument The `scripts/refresh.sh` script constructs file paths using the `SKILL_DIR` variable, which can be set by the first command-line argument (`$1`). If an attacker can control this argument, they could inject arbitrary commands into the `awk` commands or other shell operations by crafting a malicious `skill-dir` value (e.g., `'; rm -rf /'`). The script does not sanitize or validate the input `skill-dir` before using it in file paths, leading to a potential command injection vulnerability. Validate and sanitize the `$1` argument before assigning it to `SKILL_DIR`. Ensure it only contains valid path characters and does not contain command separators or other malicious constructs. A safer approach would be to resolve the path to an absolute, canonical path and ensure it's within an expected directory. Alternatively, use `printf %q` for quoting if the path is passed to another command, or avoid direct shell interpolation for user-controlled paths. | LLM | scripts/refresh.sh:10 | |
| HIGH | Supply Chain Risk: Unpinned Git repository in refresh script The `scripts/refresh.sh` script clones content from `https://github.com/trimstray/the-book-of-secret-knowledge.git` using `git clone --depth 1`. This fetches only the latest commit from the default branch. If the upstream repository is compromised or its maintainers introduce malicious content, the skill will automatically pull and incorporate this content without review. There is no mechanism to pin to a specific commit hash, tag, or even a stable branch, making the skill vulnerable to supply chain attacks. Pin the `git clone` operation to a specific commit hash or a signed tag. This ensures that only a known, reviewed version of the upstream content is pulled. Implement a verification step (e.g., checksum validation) if possible. Regularly review and update the pinned version. | LLM | scripts/refresh.sh:7 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/jdrhyne/sysadmin-toolbox/scripts/refresh.sh:9 |
Scan History
Embed Code
[](https://skillshield.io/report/749ff110fef3d961)
Powered by SkillShield